Microsoft provides three email encryption options for Office 365, and IT Partner can implement any of them. Compare the options below. Also, please check out the YouTube video explanation.
What is it?
- Office 365 Message Encryption (OME): OME is a service built on Azure Rights Management (Azure RMS) that lets you send encrypted email to people inside or outside your organization, regardless of the destination email address (Gmail, Yahoo! Mail, Outlook.com, etc.). As an admin, you can set up transport rules that define the conditions for encryption. When a user sends a message that matches a rule, encryption is applied automatically. To view encrypted messages, recipients can either get a one-time passcode, sign in with a Microsoft account, or sign in with a work or school account associated with Office 365. Recipients can also send encrypted [...] don't need an [...] messages or send [...]
- Information Rights Management (IRM) in Exchange Online: IRM is an encryption solution that also applies usage restrictions to email messages. It helps prevent sensitive information from being printed, forwarded, or copied by unauthorized people. IRM capabilities in Office 365 use Azure Rights Management (Azure RMS).
- S/MIME for message signing and encryption: S/MIME is a certificate-based encryption solution that allows you to both encrypt and digitally sign a message. The message encryption helps ensure that only the intended recipient can open and read the message. A digital signature helps the recipient validate the identity of the sender. Both digital signatures and message encryption are made possible through the use of unique digital certificates that contain the keys for verifying digital signatures and encrypting or decrypting messages. To use S/MIME, you must have public keys on file for each recipient. Recipients have to maintain their own private keys, which must remain secure. If a recipient's private keys are compromised, the recipient needs to get a new private key and redistribute public keys to all potential senders.

What does it do?
- OME: Encrypts messages sent to internal or external recipients. Allows users to send encrypted messages to any [...] Yahoo! Mail, and [...] Allows you, as an [...] portal to reflect [...] and stores the keys, so you don't have to. No special client-side software is needed as long as [...] message (sent as [...] be opened in a [...]
- IRM: Uses encryption and usage restrictions to provide online and offline protection for email messages and attachments. Gives you, as an admin, the ability to set up transport rules or Outlook protection rules to automatically apply IRM to select messages. Lets users manually apply templates in Outlook or Outlook Web App.
- S/MIME: S/MIME addresses sender authentication with digital signatures, and message confidentiality with encryption.

What does it not do?
- OME: OME doesn't let you apply usage restrictions to messages. For example, you can't use it to stop a recipient [...] or printing an [...]
- IRM: Some applications may not support IRM emails on all devices. For more information about these and other products that support IRM email, see Client device capabilities.
- S/MIME: S/MIME doesn't allow encrypted messages to be scanned for malware, spam, or policies.

Recommendations and example scenarios
- OME: We recommend using OME when you want to send sensitive business information to people outside your organization, whether they're consumers or other businesses. For example: a bank employee sending credit card statements to customers; a doctor's office sending medical records to a [...]
- IRM: We recommend using IRM when you want to apply usage restrictions as well as encryption. For example: a manager sending confidential details to her team about a new product applies the "Do Not Forward" option; an executive needs to share a bid proposal with another company, which includes an attachment from a partner who is using Office 365, and require both the email and the attachment to be protected.
- S/MIME: We recommend using S/MIME when either your organization or the recipient's organization requires true peer-to-peer encryption. S/MIME is most commonly used in the following scenarios: government agencies communicating with other government agencies; a business communicating with a government agency.

Our objective is to enable email encryption in your Office 365 tenant and provide instruments to control sensitive data with flexible policies or ad hoc customer controls that are built into Office 365.
An implementation project will be considered successful when you:
- send encrypted emails from any device
- easily navigate through encrypted messages
- deliver encrypted email directly to recipients' inboxes
- decrypt and read encrypted email with confidence, without installing client software
- enjoy simplified user management that eliminates the need for certificate maintenance
IT Partner responsibilities
- Set up Email Encryption in Office 365
- Create mail flow rules that define the conditions for encryption
- Bring your own key (BYOK) settings if needed
Client responsibilities
- Provide a dedicated point of contact responsible for working with IT Partner and coordinate any outside vendor resources and schedules, if needed
- Configure all networking equipment, such as load balancers, routers, firewalls, and switches
- Set up and configure the email client(s) on end-user devices
Outside the scope of this project (additional cost items)
- Mailbox migration to Office 365 (Exchange Online)
- AD and group policy settings
Upon completion of the engagement, we will provide a project closeout report. This document will indicate final project status, including evidence of meeting acceptance criteria, outstanding issues, if any, and final budget. If you want more extensive documentation, it can be provided for an additional fee.
- You must have global admin level access to the source Office 365 tenant
- You must have global admin level access to the destination Office 365 tenant, with Exchange Online licenses available
To use the new OME capabilities, you need one of the following plans:
- Office 365 Message Encryption is offered as part of Office 365 E3 and E5, Microsoft E3 and E5, Office 365 A1, A3, and A5, and Office 365 G3 and G5. Customers do not need additional licenses to receive the new protection capabilities powered by Azure Information Protection
- You can also add Azure Information Protection Plan 1 to the following plans to receive the new Office 365 Message Encryption capabilities: Exchange Online Plan 1, Exchange Online Plan 2, Office 365 F1, Office 365 Business Essentials, Office 365 Business Premium, or Office 365 Enterprise E1
- Each user benefiting from Office 365 Message Encryption needs to be licensed to be covered by the feature
- For the full list, see the Exchange Online service descriptions for Office 365 Message Encryption.
May vary depending on your needs.
- Kickoff meeting
- Pre-implementation system health check
- Configuring OME and additional tools
- Setting up Exchange Online Transport Rules
- Verify email encryption
- Post-implementation tasks
You will be able to use Office 365 Message Encryption (OME) capabilities that protect your emails, and mail flow rules that define the conditions for encryption. Your email recipients should be able to receive and reply to your secure emails using any device with any email client.